An approach for security evaluation and certification of a complete quantum communication system - Nature

www.nature.com/scientificreports

                OPEN             An approach for security evaluation
                                 and certification of a complete
                                 quantum communication system
                                 Shihan Sajeed1,2,3,4*, Poompong Chaiwongkhot1,2,5,6, Anqi Huang1,3,7, Hao Qin1,8,
                                 Vladimir Egorov9, Anton Kozubov9, Andrei Gaidash9, Vladimir Chistiakov9, Artur Vasiliev9,
                                 Artur Gleim9 & Vadim Makarov2,10
                                 Although quantum communication systems are being deployed on a global scale, their realistic
                                 security certification is not yet available. Here we present a security evaluation and improvement
                                 protocol for complete quantum communication systems. The protocol subdivides a system by
                                 defining seven system implementation sub-layers based on a hierarchical order of information flow;
                                 then it categorises the known system implementation imperfections by hardness of protection and
                                 practical risk. Next, an initial analysis report lists all potential loopholes in its quantum-optical part.
                                 It is followed by interactions with the system manufacturer, testing and patching most loopholes,
                                 and re-assessing their status. Our protocol has been applied on multiple commercial quantum key
                                 distribution systems to improve their security. A detailed description of our methodology is presented
                                 with the example of a subcarrier-wave system. Our protocol is a step towards future security
                                 evaluation and security certification standards.

                                 Instead of relying on assumptions of computational hardness like most other classical cryptography protocols,
                                 quantum cryptography relies on the laws of physics for providing information-theoretic security. From the first
                                 theoretical proposal in 1983 (ref. 1) to the recent key exchange via satellite over 1200 km (ref. 2), quantum key distribution
                                 (QKD) has come a long way. Over the course of time, the journey has been (and is still being) impeded
                                 by a number of attacks that exploit the deviations between theory and practice3–12. Ironically, as a consequence
                                 of the attacks, QKD has been equipped with improved protocols and tools like decoy states13,14, measurement
                                 device independence15, device-independence16, twin-field QKD17 and so on. As a result, QKD today is much
                                 more secure and efficient in practice than it was 20 years ago.
                                     It is now time for QKD to be expanded and deployed on a larger scale. As the push from the lab to practical
                                 deployment is initiated in various parts of the globe, a number of security, compatibility and connectivity issues
                                 need to be solved. These demand developing universally accepted standards and certification methodologies,
                                 and also the formation of a common platform for collaboration and addressing these issues. To fulfil this
                                 need, ETSI has had an industry specification group for QKD (ISG-QKD) since 2008 that provides a platform
                                 for the creation of universally accepted standards and promotes coordination, cooperation and standardization
                                 of research for QKD18–20. Development of security certification standards is at present being discussed in this
                                 group and in other standards organisations such as International Organisation for Standardisation (ISO)21 and
                                 International Telecommunication Union (ITU)22,23. At the same time, several recent studies attempt to introduce
                                 certification of countermeasures against specific vulnerabilities in a quantum-optical part. For example,
                                 Ref. 24 studies the security of a photon source in a fiber-based QKD system against a general Trojan-horse attack

                                 1
                                  Institute for Quantum Computing, University of Waterloo, Waterloo, ON N2L 3G1, Canada. 2Department of
                                 Physics and Astronomy, University of Waterloo, Waterloo, ON N2L 3G1, Canada. 3Department of Electrical and
                                 Computer Engineering, University of Waterloo, Waterloo, ON N2L 3G1, Canada. 4Department of Electrical
                                 and Computer Engineering, University of Toronto, Toronto M5S 3G4, Canada. 5Department of Physics, Faculty
                                 of Science, Mahidol University, Bangkok 10400, Thailand. 6Quantum Technology Foundation (Thailand),
                                 Bangkok 10110, Thailand. 7Institute for Quantum Information and State Key Laboratory of High Performance
                                 Computing, College of Computer Science and Technology, National University of Defense Technology,
                                 Changsha 410073, People’s Republic of China. 8CAS Quantum Network Co., Ltd., 99 Xiupu road, Shanghai 201315,
                                 People’s Republic of China. 9Faculty of Photonics and Optical Information, ITMO University, Kadetskaya line
                                 3/2, 199034 St. Petersburg, Russia. 10Shanghai Branch, National Laboratory for Physical Sciences at Microscale
                                 and CAS Center for Excellence in Quantum Information, University of Science and Technology of China,
                                 Shanghai 201315, People’s Republic of China. *email: shihan.sajeed@gmail.com

Scientific Reports | (2021) 11:5110 | https://doi.org/10.1038/s41598-021-84139-3


                                             Layer                                   Description
                                             Q7. Installation and maintenance        Manual management procedures done by the manufacturer, network operator, and end users
                                             Q6. Application interface               Handles the communication between the quantum communication protocol and the (classical) application that has asked for the service. For example, for QKD this layer may transfer the generated key to an encryption device or key distribution network. For quantum secure direct communication this layer transfers secret messages from/to an external unit that sends and receives them
                                             Q5. Post-processing                     Handles the post-processing of the raw data. For QKD it involves preparation and storage of raw key data, sifting, error correction, privacy amplification, authentication, and the communication over a classical public channel involved in these steps
                                             Q4. Operation cycle                     State machine that decides when to run subsystems in different regimes, at any given time, alternating between qubit transmission, calibration and other service procedures, and possibly idling
                                             Q3. Driver and calibration algorithms   Firmware/software routines that control low-level operation of analog electronics and electro-optical devices in different regimes
                                             Q2. Analog electronics interface        Electronic signal processing and conditioning between firmware/software and electro-optical devices. This includes for example current-to-voltage conversion, signal amplification, mixing, frequency filtering, limiting, sampling, timing-to-digital and analog-to-digital conversions
                                             Q1. Optics                              Generation, modulation, transmission and detection of optical signals, implemented with optical and electro-optical components. This includes both quantum states and service optical signals for synchronization and calibration. For example, in a decoy-state BB84 QKD protocol this layer may include generation of weak coherent pulses with different polarization and intensity, their transmission, polarization splitting and detection, but also optical pointing-and-tracking for telescopes

                                            Table 1.  Implementation layers in a quantum communication system.

                                            (THA)25,26. By treating the attack as an information leakage problem, the secure key rate becomes a function of
                                            the specifications of the installed optical components. The latter can be characterised when necessary. A similar
                                            approach has been suggested for other individual imperfections12,27–30. A methodology to characterise and secure
                                            the source against several imperfections is under development31. Attention to several imperfections and attacks
                                            is being paid when designing QKD equipment32.
                                                Although these studies have addressed several individual vulnerabilities, no complete system analysis has yet
                                            been reported. This is what we do in this work. We lay out a methodology for security evaluation and certification
                                            of a complete quantum communication system against all known implementation imperfections in its quantum
                                            optical part. To exemplify how our security evaluation methodology works, we present the results of our initial
                                            security evaluation performed at ITMO University and Quantum Communication Ltd. (St. Petersburg, Russia)
                                            in 2017. They are therefore the first commercial QKD manufacturer to openly publish the security assessment of
                                            their system. We also present the results of follow-up (performed by the manufacturer) to exemplify the follow-up
                                            step of our methodology. It consists of theoretical and experimental studies that have allowed the manufacturer
                                            to quickly improve implementation security of their product by patching its most prominent loopholes. We
                                            hope that our methodology will pave the way for developing security evaluation and certification standards for
                                            complete quantum communication systems.
                                                The security evaluation team performed a very similar initial security evaluation in 2016 on the QKD
                                            system Clavis3 from ID Quantique (Switzerland) and on a 40 MHz QKD system from QuantumCTek (China). The
                                            follow-up step with the latter is currently in progress. We stress that these two industry projects are highly similar
                                            in their methodology, character of results and outcomes to the one reported in this Article; i.e., the methodology
                                            we report here is applicable to different commercial systems. However, details of vulnerabilities found in the two
                                            above-mentioned systems remain confidential at the request of the manufacturers. At the same time, in the case
                                            of ITMO’s system, the complete security analysis results along with all the vulnerabilities and follow-up tasks
                                            have been presented here and no information has been kept hidden.
                                                The Article is organised as follows. Our proposed layered architecture of the complete quantum communication
                                            system is presented in “System implementation layers” and our severity rating scheme for the implementation
                                            imperfections in “Quantifying hardness against implementation imperfections”. We describe the system
                                            under test in “Security evaluation of ITMO’s subcarrier-wave quantum key distribution system”. Our initial
                                            security evaluation results are presented in “Potential vulnerabilities” and the follow-up from the manufacturer
                                            is presented in “Follow-up stage”. We conclude in “Conclusion”.

                                            Security evaluation and certification methodology
                                            Our methodology requires an iterative interaction between the manufacturer and the certifiers. The certifying
                                            agency needs to have an in-depth knowledge of and physical access to the system in order to perform its security
                                            evaluation and certification. Thus, the issue of trust has to be implicit in all the security certification tasks. The
                                            first stage in our methodology is the security evaluation stage by the testing team; then the follow-up stage by
                                            the manufacturer; then again the security evaluation stage, and so on. Through this iterative process, the system
                                            security is gradually expected to reach a level that can be trusted and widely accepted.
                                                The security evaluation stage consists of: (a) subdivision of the complete system into seven layers based on
                                            the definitions provided in Table 1; (b) scrutinising the system for implementation vulnerabilities that may
                                            make it vulnerable against known attacks, as well as trying to find any new unknown attacks that may apply;
                                            and (c) categorising each discovered vulnerability according to the hardness level defined in Table 2. When the
                                            evaluation stage ends, the follow-up stage starts. In this stage, the security evaluation results are provided to the


Hardness level: C3. Solution secure
    Description: Imperfection is either not applicable or has been addressed with proven security
    Examples: The threat of a photon-number-splitting attack on multiphoton pulses is eliminated by the decoy-state protocol13,14; detector imperfections are made irrelevant by measurement-device-independent (MDI) QKD15; statistical fluctuations owing to finite sample size are accounted by finite-key post-processing

Hardness level: C2. Solution robust
    Description: This is the status of many countermeasures after their initial design. With time this state may move up to C3 after a security proof is completed, or down to C1 or C0 after working attacks on it are found
    Examples: Phase-remapping in Clavis2 (ref. 4) (the imperfection is there, but any known attack attempting to exploit it causes too many errors); long wavelength Trojan-horse attack on Bob in Clavis2 (ref. 11) (the use of a narrowpass wavelength filter appears to be sufficient given that any known remaining attack causes too many errors)

Hardness level: C1. Solution only partially effective
    Description: Countermeasure is successful against certain attack(s), but known to be vulnerable against at least one other attack or a modification of the original attack
    Examples: Random-efficiency countermeasure against detector control in Clavis2 (ref. 10); pulse-energy-monitoring system in Alice against Trojan-horse attack6; pinhole countermeasure against detector-efficiency-mismatch attacks7

Hardness level: C0. Insecure
    Description: Security-critical imperfection has been confirmed to exist, but no countermeasure has been implemented
    Examples: Laser damage attack on the pulse-energy-monitoring detector in Alice in Clavis2 (ref. 9) and on optical attenuators in several systems34; photon emission caused by detection events in single-photon detectors12,35

Hardness level: CX. Not tested
    Description: Imperfection is suspected to exist and be security-critical, but has not been tested
    Examples: Patch for channel-calibration in Clavis2 (ref. 36); imperfections reported in Ref. 8 against detector-device-independent QKD

                                        Table 2.  Hardness against implementation imperfections. Here we propose a classification scheme quantifying
                                        how robust a given system or countermeasure is against a given imperfection. The hardness level is assigned to
                                        each particular imperfection and the same imperfection at different systems may be assigned different levels.
                                        For each imperfection the hardness level reflects current knowledge, and may change over time.

                                        manufacturer and the patching commences. We have used this same methodology to evaluate ITMO’s system
                                        and the two other systems mentioned above.

                                         System implementation layers. Security analysis of a complete quantum communication system is a
                                        complex procedure that requires different areas of expertise. To simplify the job and ensure that people with
                                        specific expertise can tackle the right problems, it is necessary to subdivide the implementation complexity into
                                        layers. As a first step of our security evaluation methodology, we have subdivided the system implementation
                                        into seven layers based on a hierarchical order of information flow and control as presented in Table 1. Our
                                        layer structure is conceptually similar to the open systems interconnection (OSI) model for telecommunication
                                        systems33. Just like OSI layers, a layer in our system serves the layer above it and is served by the layer below;
                                         however, unlike OSI, all our layers are inside one system, and most of them are not abstraction layers. When
                                         a generic system is installed, it starts with the top layer: Q7 installation and maintenance; then operation and
                                         processing is subsequently initiated in each underlying layer until it gets down to handling quantum states in Q1
                                         optics layer. Once the optics layer generates photon detections, they are again processed in each layer above in
                                         sequence until the top layers: either Q6 interfacing the output of the quantum protocol with the application that
                                         has requested it, or all the way up to Q7. Below we explain the functioning of each layer with examples.
                                             The lowest layer Q1 handles the photonic signals that carry the quantum states and service functions. The
                                         next layer Q2 interfaces the optical components with digital processing and possibly performs some analog
                                         signal processing. It contains analog electronics and digital-analog converters. Q3 comprises digital and software
                                         algorithms that immediately control the electronics and optics, including its calibration aspects. It might
                                         contain, for example, a set of algorithms to maintain avalanche photodiode (APD) temperature, bias voltage,
                                         and gating. The next layer Q4 is software that decides which Q3 layer subroutine to run. For example, it decides
                                         when APDs need to be cooled, or when gating control should be initiated. The next layer Q5 processes the raw
                                         data generated by the hardware to distill the final data in the protocol, for example generate secret keys in QKD.
                                         The layer above Q6 handles the communication between the quantum protocol and the classical application
                                         that asks for the service of the protocol. Finally, the topmost layer Q7 handles issues in any underlying layer that
                                         require human intervention, even if the human follows a checklist. We have found that the system evaluated in
                                         this Article, as well as several other QKD systems, allows a clear division into this layer structure. An example is
                                         given in “Methods”.
                                             We admit that the definition of the layers may not be complete and there could be cases when the functionality
                                         of a particular hardware component may span across several layers. In that case, the component accommodates
                                         more than one layer. For example, signal processing and algorithms belonging to the layers Q2 through Q5 can
                                         be implemented in a single physical field-programmable gate array (FPGA) chip. Also, the ordering of the layers
                                         may not be absolute. For example, in some systems, the layer Q5 post-processing may run in parallel with the
                                         layers below it while in other systems it may start after the end of Q4 operation cycle. In any case, improvisations
                                         have to be made when cutting each system into the layers.
                                             If the system contains a separate physical random number generator (RNG), it is considered to be a separate
                                         quantum device and therefore not included into our layer classification. Its output would of course interface
                                         somewhere with the system, e.g., at layer Q5. Being a separate device it may have an implementation structure
                                         of its own, which we do not consider here.
                                             We remark that an initial theoretical proposal of a quantum communication protocol (such as Refs. 1,37)
                                         covers a part of the single layer Q5, while being mostly ignorant of the other layers except their few selected
                                         aspects. However, practical security loopholes can be present anywhere in the complete implementation and be


                                            in any of its layers. The implementation of each layer has high technical complexity and contains tens of optical
                                            components, operator’s checklists, thousands of electronic components and lines of software code. The task of
                                            security analysis is to find all the loopholes.

                                            Quantifying hardness against implementation imperfections. When an implementation imperfection
                                            is suspected to be security-critical, it is necessary to evaluate the security risks. The first step is testing. If
                                            it is found to be compromising the security then the next step is to design a countermeasure solution, and the last
                                            step is checking the robustness of that solution. This procedure is often a loop, because most countermeasures
                                            in turn need to be tested. In order to quantify implementation imperfections—existing inside the system—in
                                            terms of solutions implemented, we have categorised them as shown in Table 2. The lowest state CX indicates
                                            that the imperfection is suspected to be a potential security issue, and needs to be further analysed or tested
                                            before a conclusion can be made. After an imperfection is found to be security-critical, its state becomes C0, i.e.,
                                            insecure. Next, a solution needs to be developed that provides security against the original attack model. At this
                                            state the solution is expected to be robust and the imperfection is considered to be state C2. After it has been
                                            integrated into a security proof, the state can be shifted to C3: solution secure. However, often it may be the case
                                            that newer attack models are found that bypass the countermeasure; then the state moves to C1, which means
                                            the solution is robust only against a specific attack model but not against others or a combination of the original
                                            and some other attacks.
                                                 For example, in the ID Quantique Clavis2 QKD system, the imperfection that the detectors were vulnerable
                                            to bright-light detector control attack became C0 upon its discovery in 2009 (ref. 3), was reclassified C2 after being
                                            patched in 2015, then downgraded to C1 next year after the patch was demonstrated to be inadequate against a
                                            modified attack10. A similar development can be traced for another imperfection: variation of detector efficiency
                                            with angle of the incoming light7. It was suspected to be a security vulnerability (CX) up to 2015, then proven to
                                            be so (C0) in 2015 (refs. 7,38), then moved to C2 by the use of a pinhole and later brought down to C1 after the results
                                            presented in Refs. 9,39.
                                                 We emphasize that the categorisation of a specific vulnerability reflects only the existing knowledge about
                                            it, which can change with time, as seen from the above discussion. Also, the categorisation of each existing
                                            imperfection depends on the specific system and the specific solution implemented. For example, an imperfection
                                            in the single-photon detectors may be classified as insecure (C0) but the same imperfection might be irrelevant
                                            (C3) for a system running a measurement-device-independent (MDI) QKD protocol.
                                                 Eventually, the objective of the security evaluation process should be to upgrade the system such that all
                                            imperfections are on the level C3. Level C3 should be considered good for a commercial product, while levels
                                            C1, C0 and CX should be deemed inadequate and need to be remedied by a security update or new product
                                            development. Level C2 lies in the gray zone and while it may be considered secure for practical purposes, i.e.,
                                            adequate for a commercial product, one should remember that it has no theoretical security proof based on
                                            quantum mechanics. However, the development of security proofs taking into account imperfections can—in
                                            some cases—be a slow process, and we expect many of them to attain C2 earlier than C3.

                                            Security evaluation of ITMO’s subcarrier‑wave quantum key distribution system. In the rest of
                                            this Article we demonstrate how our proposed security evaluation and certification methodology can be applied
                                            to a specific system. As an example, we select the subcarrier-wave quantum key distribution (SCW QKD) system
                                            manufactured by ITMO University and its spin-off company Quantum Communications Ltd. During the initial
                                            security evaluation, the manufacturer has provided us with an overall design specification of the system along
                                            with further oral information and written notes on various aspects of design and manufacturing process. We
                                            had physical access to the hardware but did not perform any experiments on the setup during that stage. Following
                                            the methodology from “System implementation layers” and Table 1, we have performed a complete security
                                            analysis of the bottom four layers (Q1–Q4) that correspond to optics, analog electronics, driver and calibration
                                            algorithms, and operation cycle of the system. For these layers, we have examined all suspected implementation
                                            security issues according to the current knowledge. For higher layers Q5 and up (from QKD protocol post-
                                            processing and up), we cannot perform a complete security evaluation as they lie outside our expertise area; they
                                            should be analysed by a team with expertise in classical information technology security. Nevertheless, we have
                                            pointed out a few issues in the layer Q5.
                                                The results of this initial security evaluation were first delivered to ITMO in a confidential report in
                                            February 2018 (prepared by those authors not affiliated with ITMO). A summary of that report is presented in
                                            “Potential vulnerabilities”, after we briefly introduce the system to the reader.
                                                The subcarrier-wave QKD principle was proposed in 1999 [40] and experimentally demonstrated later the
                                            same year [41]. It was initially conceived as a practical fiber-optic system offering an alternative to then-dominant
                                            polarization and time-bin encoding schemes that would require a precise alignment during operation [40], as
                                            well as to “plug-and-play” systems developed a year earlier [42] that limited QKD source repetition rate due to
                                            an intrinsic two-pass architecture. More recently, SCW QKD has been demonstrated as being robust against
                                            external conditions affecting the telecom fiber [43], allowing increased spectral density [44,45], and being invariant to
                                            telescope rotation in open-air links [46]. Its viability has been experimentally demonstrated for metropolitan area
                                            telecommunication lines [47], multi-user [48,49] and software-defined [50] networks.
                                                A basic design of the SCW QKD system is shown in Fig. 1. In Alice module, a continuous narrow linewidth
                                            laser acts as a light source. This radiation with frequency ω is usually referred to as carrier wave, or simply a carrier.
                                            It passes through an electro-optical phase modulator, to which an electrical driving signal with frequency
                                            Ω is applied. As a result, two subcarriers (or sidebands) with frequencies ω − Ω and ω + Ω appear in the optical
                                            frequency spectrum, as shown on the plot in Fig. 1. Quantum information is encoded in the phase shift ϕA
                                            between the carrier and the subcarriers, which is induced by phase modulation of the electrical driving signal [43].
                                            Four phase states (0, π/2, π, 3π/2) are used in both Alice and Bob modules. After modulation the signal passes
                                            to the quantum channel through an attenuator. Carrier power, modulation index and attenuation value are chosen
                                            so that the mean photon number µsb (on two sidebands combined) meets the protocol requirements. On
                                            Bob side a similar modulator introduces phase shift ϕB resulting in single-photon interference on the sidebands.
                                            An optical filter separates the carrier from the sidebands, and the latter are detected on a single-photon detector.
                                            The registered optical power depends on the difference |ϕA − ϕB|. If Alice and Bob introduce equal phase
                                            shifts, constructive interference is observed, and the optical signal power at the sidebands differs from zero. In
                                            the opposite case, when the difference equals π, destructive interference occurs and the registered counts correspond
                                            to dark noise of the detector. Instances when the difference is π/2 are discarded during sifting. Key bits
                                            are obtained from the registered counts using algorithms similar to a phase-encoded BB84 protocol [43,51]. A full
                                            quantum description of the system and the implemented protocols can be found in Refs. 51,52.

                                  Figure 1.  Basic subcarrier-wave QKD scheme. Plots show optical spectra at different points in the setup.
                                  ATT optical attenuator, PSM electro-optical phase shift modulator, SF notch spectral filter, SPD single-photon
                                  detector.
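The sifting rule in the scheme described above can be run as a small simulation. This is an added example, not code from the paper: clicks at phase difference 0 give key bits, clicks at π are dark-count errors, and clicks at π/2 are discarded. The (1 + cos Δϕ)/2 interference model, the basis/bit mapping of the four phases and the parameter `mu_eta` are assumptions of the example.

```python
"""Added example: idealised sifting for the subcarrier-wave scheme described above."""
import math
import random

# Phase index k stands for phi = k * pi/2, so k in {0, 1, 2, 3} covers the four states.
# Assumed BB84-style mapping (not spelled out on the page): basis = k % 2, bit = k // 2.
# Relative sideband intensity versus (k_A - k_B) mod 4, assuming ideal interference
# proportional to (1 + cos(delta_phi)) / 2.
INTERFERENCE = {0: 1.0, 1: 0.5, 2: 0.0, 3: 0.5}


def click_probability(k_a, k_b, mu_eta, p_dark):
    """Probability that Bob's detector clicks in one time slot.

    mu_eta: mean detected photon number at full constructive interference
            (sideband mean photon number times channel and detector efficiency).
    p_dark: dark-count probability per slot.
    """
    rel = INTERFERENCE[(k_a - k_b) % 4]
    p_signal = 1.0 - math.exp(-mu_eta * rel)        # Poissonian photon statistics
    return 1.0 - (1.0 - p_signal) * (1.0 - p_dark)


def expected_qber(mu_eta, p_dark):
    """Analytic error rate: errors are clicks registered at phase difference pi."""
    p_ok = click_probability(0, 0, mu_eta, p_dark)
    p_err = click_probability(0, 2, mu_eta, p_dark)
    total = p_ok + p_err
    return p_err / total if total else 0.0


def simulate(n_slots, mu_eta, p_dark, seed=1):
    """Run n_slots time slots and sift the clicks as the text describes."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    discarded = 0
    for _ in range(n_slots):
        k_a, k_b = rng.randrange(4), rng.randrange(4)
        if rng.random() >= click_probability(k_a, k_b, mu_eta, p_dark):
            continue                        # no detection in this slot
        if k_a % 2 != k_b % 2:              # phase difference pi/2: discarded in sifting
            discarded += 1
            continue
        alice_key.append(k_a // 2)
        bob_key.append(k_b // 2)            # Bob assumes his phase equals Alice's
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    sifted = len(alice_key)
    return {
        "sifted": sifted,
        "errors": errors,
        "discarded": discarded,
        "qber": errors / sifted if sifted else 0.0,
    }


if __name__ == "__main__":
    # Constructed parameters, not values from the paper.
    for p_dark in (0.0, 0.001, 0.01):
        result = simulate(200_000, mu_eta=0.05, p_dark=p_dark)
        print(p_dark, result, "analytic QBER: %.4f" % expected_qber(0.05, p_dark))
```

With no dark counts the sifted keys agree exactly; every error in this model is a dark count that landed in a slot where the phases differed by π.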

                                  Potential vulnerabilities. Based on the received information about the system, we have identified a number
                                  of potential security issues that might be exploitable by an adversary Eve. A summary of these results is given
                                  in Table 3. For each imperfection, we specify the corresponding Q-layers (see “System implementation layers”),
                                  hardness level Cinit (see “Quantifying hardness against implementation imperfections”) and an estimate of the
                                  risk. Almost all the identified issues require further detailed analysis, and in many cases, in-depth experimental
                                  testing in a laboratory. For many issues, the hardness level is CX, meaning the issue’s applicability to the system
                                  implementation needs to be studied and tested. We specify in which system implementation Q-layers each issue
                                  is located, according to the classification introduced in “System implementation layers”.
                                      The risk evaluation listed in Table 3 is based on a guessed likelihood of the vulnerability, expected fraction
                                  of the secret key leakage, and estimated feasibility of exploit technology. It is essential for manufacturers with
                                  limited resources to prioritize the problems. Vulnerabilities that can be exploited using today’s technology and
                                  compromise full secret key are a more immediate threat. They should be addressed before those that require
                                  future technology or provide only partial key information (thus requiring of Eve an additional classical
                                  cryptanalytic task). We have followed this strategy and tested the two highest risk issues during the follow-up stage
                                  (see “Follow-up stage”). The security proof and implementation of post-processing have also been completed
                                  after the report.
                                      We remark that more security issues may be discovered in the future once the system design and operation
                                  are examined in greater detail. We now explain the identified issues.

                                  Controllable detectors. Two types of detectors are used in the present implementation: ID Quantique (IDQ)
                                  ID210 gated APD and Scontel TCORPS-CCR-001 superconducting nanowire single-photon detector (SNSPD).
                                  Among them, Scontel SNSPD is at least partially controllable by bright light [57–59]. Whether the same was true
                                  for ID210 required experimental testing. From our previous measurements on ID Quantique Clavis2 QKD
                                  system, we know that it is possible to blind its detectors by sending a continuous-wave (c.w.) light of power
                                  Pblind = 0.3 mW [10]. Then by choosing a trigger pulse power Ptr greater than the threshold power Pth = 0.15 mW,
                                  it is possible to force a click when Bob-Eve phases match. If we assume ID210 behaves similarly to the detectors
                                  in Clavis2 system, then Eve could send c.w. power to blind it and perform the faked-state attack [3] detailed in
                                  “Methods”.
                                       However, sending a trigger power Ptr at the subcarrier frequency will not work as the photons will be shifted
                                  to another frequency due to Bob’s modulation. Instead, Eve needs to inject extra photons in the reference signal
                                  frequency so that they are shifted to the subcarrier after the modulation and trigger a click in the blinded detector.
                                  Due to the small m in the present system, the reference power required by Eve is Pref ≈ Ptr/m. For example,
                                  for m = 0.05, a 1 ns trigger pulse at the subcarriers with peak power Ptr > 0.15 mW [10] just before the detectors
                                  would require a 1 ns wide reference pulse with peak power of Pref > 3 mW at Bob’s input. This is an easily generated
                                  and transmitted optical power.

| Potential security issue | Cinit | Q | Target component | Brief description | Require lab testing? | Initial risk evaluation | Ccurr | Current status |
|---|---|---|---|---|---|---|---|---|
| Controllable detectors | CX | Q1–5,7 | SPDs | See Ref. 53. | Yes | High | C2 | Loophole has been experimentally confirmed and the suggested countermeasures [54] have been implemented in the current version. |
| Laser damage | CX | Q1,3 | Alice’s & Bob’s optics | See Ref. 9. | Yes | High | C2 | Loophole has been experimentally confirmed in Alice and the suggested countermeasures [34] have been implemented in the current version. |
| Trojan horse | C2, C0 | Q1 | Alice’s & Bob’s optics | See Ref. 24. | Yes | Low (Alice), High (Bob) | C2, C2 | Manufacturer has developed countermeasures (patent pending) to be implemented in the next system modification and then analysed again by the testing team. |
| Lack of general security proof | C0 | Q1,5 | QKD protocol | “Lack of general security proof” | No | High | C3 | Was a known issue. Has been covered by the manufacturer after receiving the report, see Ref. 52. The privacy amplification procedure has been updated in the software. The two groups continue to jointly verify the security proof. |
| Manipulation of reference pulse | CX | Q1,5 | QKD protocol | 2.4.5. | No | High | C3 | Was a known issue. Has been covered by the manufacturer after receiving the report, see Ref. 52. Reference monitoring has been implemented in the system. |
| Time-shift attack | CX | Q1–3,5 | PSMs | 2.4.6. | Yes | Medium | CX | Lower priority issue that is a subject for future work. |
| Privacy amplification | C0 | Q5 | Post-processing | 2.4.7. | No | High | C3 | Was a known issue. Has been covered by the manufacturer after receiving the report, see Ref. 52. The privacy amplification procedure has been updated in the software. |
| Finite key size effects | C0 | Q5 | QKD protocol | See Ref. 55. | No | Low | C3 | Was a known issue. Has been covered by the manufacturer after receiving the report, see Ref. 52. The system software has been updated taking the finite-sized effects into account. |
| Non-quantum RNG | C0 | Q5 | RNG | 2.4.9. | No | Low | C3 | Was a known issue. The manufacturer has put effort into quantum RNG research [56] and has selected a physical RNG for the next version of the system. |
| Intersymbol interference | CX | Q1–3 | PSM’s drivers | 2.4.10. | Yes | Low | CX | Lower priority issue that is a subject for future work. |

                                                    Table 3.  Summary of potential security issues in ITMO’s subcarrier-wave QKD system. Cinit, hardness
                                                    of the initial implementation (analysed in 2017) against this security issue; Ccurr, hardness of the current
                                                    implementation (patched as of early 2020) against this security issue. Ccurr reflects the current knowledge
                                                    about the security issue, and may change in the future (see “Quantifying hardness against implementation
                                                    imperfections”). Q, system implementation layers involved (see “System implementation layers”).

                                  Figure 2.  Alice’s optical scheme in detail. Component pigtails are connected using angled ferrule connectors
                                  (FC/APC). OI optical isolator, FOA fixed optical attenuator (plug-in style), LP linear polarizer, VOA variable
                                  optical attenuator.

                                  Figure 3.  Bob’s optical scheme in detail. Bob’s phase shift modulator PSM2 is polarization-insensitive and is
                                  implemented as two identical modulators acting on orthogonal components of input polarization. PBS fiber-
                                  optic polarization beam splitter, PBC fiber-optic polarization beam combiner, C circulator, FBG fiber Bragg
                                  grating.

                                  Laser damage. Whether the current system is vulnerable to laser damage attack (LDA) [9,60] can be ascertained
                                  only after experimental testing. Since one of the attenuating components, a variable optical attenuator (VOA; FOD
                                  5418) in Alice, is the closest to the channel (see Fig. 2), it will be the first target for Eve’s LDA. Eve can send
                                  high-power laser light to damage the optical attenuator and reduce its attenuation. If successful, light coming out of Alice
                                  will have higher mean photon numbers than permitted by the security proofs, thus compromising the security.
                                     It will also be interesting to experimentally check the effect of laser damage on the optical PSMs to see whether
                                  LDA can affect m. If it can, then further studies need to be conducted to check whether it leads to a denial of
                                  service or a security compromise. Finally, if LDA can reduce the insertion loss of either the PSM1, linear polarizer
                                  (LP) or fixed optical attenuator (FOA) in Alice, it may facilitate other attacks, e.g., Trojan-horse attack. Hence,
                                  these components must be characterized meticulously against LDA.

                                  Trojan‑horse attack. In the SCW QKD protocol, after sifting, Alice and Bob keep only the outcomes for which they
                                  both used the same phase, i.e., ϕA = ϕB. Thus if Eve can extract information on either ϕA or ϕB by performing a
                                  Trojan-horse attack (THA) [25,26,61], the security will be compromised. With current technology, Eve needs a mean
                                  photon number µB→E ∼ 4 to perform homodyne detection [61].
                                      The secure key rate in the presence of THA—under reasonable assumptions—is available for both single-
                                  photon and decoy-state Bennett-Brassard 1984 (BB84) protocol [24]. It is based on Alice’s ability to upper-bound the
                                  outgoing mean photon number µout. A similar theoretical analysis under assumptions appropriate for the present
                                  scheme is not available, and needs to be performed. Moreover, wavelength can also be an attack variable [11,62]. It
                                  is thus important to measure experimentally the actual values of the insertion loss and reflection coefficients
                                  of several components such as LP, FOA, OI, connectors, etc. in a large range of wavelengths that can propagate
                                  through the optical fiber (from < 400 to > 2500 nm). Since a laboratory with wideband characterisation equipment
                                  is not readily available to us, we have limited our analysis to Eve using a single 1550 nm wavelength. With
                                  these two shortcomings, our security evaluation of the system against the THA is detailed below.
                                      Alice: In the present scheme (Fig. 2), possible sources of reflection are the LP (Thorlabs ILP1550PM-APC),
                                  FOA (Fibertool FC-FC 15 dB), optical isolator (OI; AC Photonics PMIU15P22B11), all the standard optical
                                  connectors placed after PSM1 (i.e., at its side facing away from the quantum channel), and that facet of PSM1.
                                  We identify that one of the strongest sources of reflection is the LP with 45 dB return loss (according to its data
                                  sheet). Assuming the VOA is set to 70 dB (which is a typical attenuation value required by the SCW QKD protocol),
                                  the insertion loss of the PSM1 is 3 dB and that of each connector is 0.3 dB, the total round-trip attenuation
                                  experienced by a Trojan photon is 193.4 dB. For the other protocols, an appreciable decline of performance begins
                                  at µout ∼ 10⁻⁶ (Ref. 24). For that, an eavesdropper would need to send 2.2 × 10¹³ photons per pulse into the system,
                                  which—considering a phase change frequency of f = 100 MHz—corresponds to injecting c.w. power of 280 W.
                                  This is somewhat above present-day technology capability, may be around the physical limit of how much power
                                  the standard fibers can carry, and will certainly trigger laser damage of Alice’s components. Most fiber-optic
                                  components get damaged at less than 10 W (Refs. 9, 34, 63, 64). While this suggests the risk of THA at Alice’s side is relatively
                                  low, it is important to check the reflection from the OI and FOA, which requires experimental testing. Finally,
                                  this analysis should be repeated for lower attenuation settings of the VOA that may be used by the system and
                                  the risk should be evaluated accordingly.
                                      Bob: The risk of THA on Bob seems to be comparatively higher than that at Alice since there is no attenuator
                                  or isolator in Bob’s module (Fig. 3). The reflection coefficient of the polarization beam combiner (PBC; AC
                                  Photonics PBS15P12S11-2m) just after PSM2 is 50 dB (according to its data sheet) while the insertion loss of the
                                            polarization beam splitter (PBS; same as PBC), PSM2, and each of the four connectors is 0.48, 1.7, and 0.3 dB,
                                            respectively. Assuming the point of reflection is the PBC just after the phase modulator, the total loss experienced
                                            by a Trojan photon will be l = 56.8 dB. This means that in order to get a single photon out, Eve needs to inject
                                            a c.w. power of only 6 µW, which is easy.
                                                Note that ID210 runs in gated mode with afterpulsing. So, Eve can send the Trojan photons just after the
                                            gate but still inside the phase modulation window. However, this may cause a high level of afterpulsing in Bob’s
                                            single-photon detectors61. Scontel TCORPS-CCR-001 has no afterpulsing but it runs in continuous mode, thus
                                            making it difficult for Eve to send Trojan photons. Eve can resort to a longer wavelength (such as 1924 nm) to
                                            reduce both the afterpulsing side-effect11 and also the probability of the Trojan photons to be detected. As a
                                            result, wavelength filters are necessary in Bob. Nevertheless, afterpulsing characterization of detectors along
                                            with characterization of the wavelength filter at longer wavelengths are necessary in order to prevent the THA.
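The loss budget above, worked through as an added example (not code from the paper). It reproduces the 193.4 dB / 280 W figures for Alice and the 56.8 dB / 6 µW figures for Bob, then repeats the Alice calculation for lower VOA settings as the text recommends. The count of four connectors in Alice is an assumption inferred from the 193.4 dB total, and all function names are illustrative.

```python
"""Trojan-horse attack (THA) link budget for the figures quoted in the text.

Added illustration. Component losses are the data-sheet values quoted in the
text; everything marked 'assumption' is not stated there.
"""

H_PLANCK = 6.62607015e-34   # Planck constant, J*s
C_LIGHT = 299_792_458.0     # speed of light, m/s


def photon_energy_j(wavelength_nm=1550.0):
    """Energy of one photon; 1550 nm is the only wavelength the text analyses."""
    return H_PLANCK * C_LIGHT / (wavelength_nm * 1e-9)


def round_trip_loss_db(one_way_losses_db, return_loss_db):
    """A Trojan photon crosses every element twice and is reflected once."""
    return 2.0 * sum(one_way_losses_db) + return_loss_db


def alice_loss_db(voa_db=70.0, n_connectors=4):
    """VOA, PSM1 (3 dB), connectors (0.3 dB each), reflection at the LP (45 dB).

    n_connectors=4 is an assumption: it is the count that gives 193.4 dB.
    """
    return round_trip_loss_db([voa_db, 3.0] + [0.3] * n_connectors, 45.0)


def bob_loss_db():
    """PBS (0.48 dB), PSM2 (1.7 dB), four connectors, reflection at the PBC (50 dB).

    There is no attenuator or isolator on this path, hence the small total.
    """
    return round_trip_loss_db([0.48, 1.7] + [0.3] * 4, 50.0)


def photons_in_per_pulse(loss_db, mu_out):
    """Photons that must enter per pulse for mu_out photons to come back out."""
    return mu_out * 10.0 ** (loss_db / 10.0)


def required_cw_power_w(loss_db, mu_out, rate_hz=100e6, wavelength_nm=1550.0):
    """Continuous-wave power equivalent to that many photons in every pulse slot."""
    return (photons_in_per_pulse(loss_db, mu_out) * rate_hz
            * photon_energy_j(wavelength_nm))


def lowest_voa_needing_damage_power(mu_out=1e-6, damage_w=10.0):
    """Smallest integer VOA setting (dB) at which the required power is still
    at or above damage_w. Below it, the required power is within what
    fiber components survive, so the risk has to be re-evaluated."""
    for voa_db in range(0, 101):
        if required_cw_power_w(alice_loss_db(voa_db), mu_out) >= damage_w:
            return voa_db
    return None


def report():
    """Collect the numbers discussed in the text in one place."""
    a_loss = alice_loss_db(70.0)
    b_loss = bob_loss_db()
    return {
        "alice_loss_db": a_loss,
        "alice_photons_in": photons_in_per_pulse(a_loss, 1e-6),
        "alice_power_w": required_cw_power_w(a_loss, 1e-6),
        "bob_loss_db": b_loss,
        "bob_power_w": required_cw_power_w(b_loss, 1.0),   # one photon out
        "voa_threshold_db": lowest_voa_needing_damage_power(),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:>18}: {value:.4g}")
```

Each decibel removed from the VOA setting lowers the round-trip loss by 2 dB, so the required power falls quickly as the attenuation is reduced.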

                                            Lack of general security proof. An apparent requirement of the SCW QKD protocol (to prevent photon number
                                            splitting (PNS)37,65 and unambiguous state discrimination (USD) attack6,66) is to monitor the carrier signal as
                                            highlighted in Refs. 41, 67. However, based on our discussions with ITMO’s engineers, we learned that the monitoring
                                            of the reference signal might not be implemented partly due to implementation complexity and partly because
                                            they do not deem it necessary for security, because Ref.51 shows that the system is secure against a collective
                                            beam splitting (CBS) attack over a large distance. Here, we emphasize that being secure against the CBS attack
                                            mentioned in Ref.51 does not guarantee security against more general attacks. As an example, we outline a more
                                            powerful attack in “Methods”.

                                            Manipulation of reference pulse. Here we assume that the reference pulse monitoring is implemented in the
                                            system and analyse the consequences. If care is not taken during the implementation, there might still be ways
                                            for Eve to perform the USD attack as follows.
                                                First, Eve intercepts Alice’s signal just outside Alice’s lab and performs a USD measurement68. For any conclusive
                                            measurement, she prepares the same state with a higher mean photon number and sends it to Bob via
                                            a lossless channel, in order to maximize his detection probability. For any inconclusive measurement, she still
                                            needs to send the reference signal to Bob and wants it to be detected. However, sending only the reference signal
                                            while suppressing the sidebands does not work as it will introduce errors. Instead, Eve wishes the subcarrier
                                            signal detection probability to be as low as possible while still keeping the reference signal detection probability
                                            as high as possible. The number of photons in the subcarrier and reference signal—after Bob’s modulation—is
                                            given in Ref.51 as

$$
\begin{aligned}
n_{\mathrm{ph}}^{\mathrm{sb}} &= \alpha \mu_0\, \eta(L)\, \eta_B \left(1 - |d_{00}^{s}(\beta')|^2\right),\\
n_{\mathrm{ph}}^{\mathrm{ref}} &= \alpha \mu_0\, \eta(L)\, \eta_B\, |d_{00}^{s}(\beta')|^2 .
\end{aligned}
\tag{1}
$$

                                                Here, $\mu_0$ is the mean photon number of the reference pulse, $\eta(L)$ is channel transmission, $\eta_B$ is transmission in
                                            Bob module, and $\alpha$ is additional loss induced by Eve. $|d_{00}^{s}(\beta')|$ is the Wigner d-function that decides the number
                                            of photons to be shifted from reference to side-bands based on its argument $\beta'$, which itself is a function of the
                                            modulation index and the phase difference between Alice and Bob.
                                                We assume APDs are used for the detection of both the reference and subcarrier signals. Then the detection
                                            probability in mode $i \in \{\mathrm{ref}, \mathrm{sb}\}$ is $P_{\mathrm{det}}^{i} = 1 - e^{-n_{\mathrm{ph}}^{i}}$ (for simplicity, we consider unity detection efficiency). For
                                            normal operation, $n_{\mathrm{ph}}^{\mathrm{sb}} \ll n_{\mathrm{ph}}^{\mathrm{ref}}$, which leads to $P_{\mathrm{det}}^{\mathrm{sb}} \ll P_{\mathrm{det}}^{\mathrm{ref}}$. Depending on the chosen value of $m$ and $\mu_0$, $P_{\mathrm{det}}^{\mathrm{sb}}$ can
                                            be significantly more sensitive to $\alpha$ compared to $P_{\mathrm{det}}^{\mathrm{ref}}$. In that case, increasing $\alpha$ would reduce $P_{\mathrm{det}}^{\mathrm{sb}}$ much faster
                                            than $P_{\mathrm{det}}^{\mathrm{ref}}$. As a result, it might be possible for Eve to reduce subcarrier signal detection rate without affecting the
                                            reference detection rate considerably. The small reduction in $P_{\mathrm{det}}^{\mathrm{ref}}$ can be compensated by adjusting the power
                                            of the pulses sent during the conclusive measurement cases. The only limitation on $\alpha$ is that $P_{\mathrm{det}}^{\mathrm{ref}}$ should not be
                                            lowered significantly for Alice and Bob to notice. A countermeasure to this attack can be to monitor the reference
                                            and subcarrier detection rates. However, a further study is required to find the optimal strategy to monitor the
                                            reference and subcarriers and also to design the monitoring detector, determine $\mu_0$, monitoring threshold, and $m$.

                                            Time‑shift attack. In order to achieve time synchronization, Alice sends to Bob a continuous 10 MHz sinusoidal
                                            optical signal, which is further modulated by a signal of a special shape with 60 ms period. The position of bit
                                            slots of 10 ns period43 and other time intervals are defined with respect to this signal. We suspect that it might be
                                            possible for Eve to control the time delay of the reference and side-band signals relative to this synchronization
                                            signal to shift their arrival times into a specific moment inside or outside the phase modulation window. This
                                            might make the system vulnerable against time-shift attacks (TSA)69. A time-shift attack can be performed on
                                            the SCW QKD system as follows. For ease of understanding, let us first assume that there is a time gap between
                                            successive phase modulation windows (i.e., they are narrower than the bit slot), and in between the modulation
                                            windows the phase is 0. We assume a faked-state attack in which Eve stays outside of Alice’s module and
                                            performs USD of Alice’s states. Whenever she obtains a conclusive outcome, she sends the same state ϕE to Bob
                                            in the correct time window (i.e., she does not alter the arrival time). When Bob measures in the same basis, and
                                            ϕE = ϕB (ϕE ≠ ϕB), he gets a click (no click). However, when Eve obtains an inconclusive outcome, she generates
                                            a ϕE = π state and sends it in-between the phase modulation windows. Since in between the modulation
                                            window the phase applied is 0, this ensures no detection by Bob’s detector.
                                      In our discussion with the developers, we learned that in the current SCW QKD implementation, there is no
                                  gap between successive phase modulation windows. However, at the transition region from one window to the
                                  next, there is a fast fluctuation. Thus, it will be interesting to know what effective phase shift is experienced by a
                                  pulse if it is sent at the time interval corresponding to the fluctuations. For example, if the effective phase shift is
                                  ϕ0, then it might still be possible for Eve to remain inconspicuous during the inconclusive measurement slots by
                                  sending a state ϕE = π + ϕ0. However, the feasibility of this attack can only be ascertained by experimental testing.
                                  For that, one needs to characterize Bob’s phase modulation windows—including the transition regions—in
                                  the time domain for all phase values. Click processing by Bob will also need to be checked for detection times
                                  in the transition regions.

                                  Privacy amplification method. In the composability framework of QKD70, to achieve ε-security, it is required
                                  that Alice and Bob estimate the upper bound of Eve’s information on their key up to the end of error correction
                                  step, and apply a proper universal-2 hash function. This is done to generate a shorter secret key such that the
                                  probability that the key is not perfect and the protocol did not abort is bounded by ε. However, the present system
                                  does privacy amplification by first calculating secret key size and then randomly discarding bits in the
                                  error-corrected key to match that calculated secret key size. The disadvantage of this random key removal procedure
                                  compared to hashing is that Eve can listen to the classical communication between Alice and Bob and follow
                                  the exact procedure to discard bits from her own set. At the end, ε-security cannot be guaranteed. To make the
                                  secret key ε-secure according to the composability framework, the proper implementation of privacy amplification
                                  using the hash function is advised.
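The difference between the two procedures, as an added example that is not the system's code: Eve holds a partial copy of the error-corrected key, repeats the publicly announced step, and we count how many final key bits she ends up knowing. The Toeplitz matrix as the universal-2 family is an assumption (the text does not name one), and the key, Eve's leaked positions and the seeds are constructed for the demonstration.

```python
"""Privacy amplification: random bit discarding vs. Toeplitz (universal-2) hashing.

Added illustration. Eve's knowledge is modelled bit-wise: each position of the
error-corrected key is either known to her (0/1) or unknown (None).
"""
import random


def discard_bits(key, kept_indices):
    """The criticised procedure: keep only the publicly announced positions."""
    return [key[i] for i in kept_indices]


def toeplitz_rows(seed_bits, n_in, n_out):
    """Entry (i, j) is seed_bits[i - j + n_in - 1]: constant along diagonals."""
    if len(seed_bits) != n_in + n_out - 1:
        raise ValueError("Toeplitz seed must have n_in + n_out - 1 bits")
    return [[seed_bits[i - j + n_in - 1] for j in range(n_in)]
            for i in range(n_out)]


def toeplitz_hash(key, seed_bits, n_out):
    """Matrix-vector product over GF(2): each output bit is a parity of key bits."""
    rows = toeplitz_rows(seed_bits, len(key), n_out)
    return [sum(t & k for t, k in zip(row, key)) & 1 for row in rows]


def eve_after_discard(eve_view, kept_indices):
    """Eve hears the kept positions and discards the same bits from her copy."""
    return [eve_view[i] for i in kept_indices]


def eve_after_hash(eve_view, seed_bits, n_out):
    """Eve hears the seed too, but can evaluate a parity only if she knows
    every key bit that enters it."""
    rows = toeplitz_rows(seed_bits, len(eve_view), n_out)
    out = []
    for row in rows:
        support = [eve_view[j] for j, t in enumerate(row) if t]
        if any(bit is None for bit in support):
            out.append(None)
        else:
            out.append(sum(support) & 1)
    return out


def demo(n=256, m=64, seed=2021):
    """Constructed scenario: Eve knows the first half of an n-bit key and the
    key is shortened to m bits. random.Random is used only for repeatability;
    a deployed system would draw the seed from its random number generator."""
    rng = random.Random(seed)
    key = [rng.getrandbits(1) for _ in range(n)]
    eve_view = [key[i] if i < n // 2 else None for i in range(n)]

    kept = sorted(rng.sample(range(n), m))
    toeplitz_seed = [rng.getrandbits(1) for _ in range(n + m - 1)]

    final_discard = discard_bits(key, kept)
    final_hash = toeplitz_hash(key, toeplitz_seed, m)
    eve_discard = eve_after_discard(eve_view, kept)
    eve_hash = eve_after_hash(eve_view, toeplitz_seed, m)

    return {
        "final_len_discard": len(final_discard),
        "final_len_hash": len(final_hash),
        "eve_known_after_discard": sum(b is not None for b in eve_discard),
        "eve_known_after_hash": sum(b is not None for b in eve_hash),
        # Every bit Eve claims to know after discarding matches the real key.
        "eve_bits_correct": all(e == f for e, f in zip(eve_discard, final_discard)
                                if e is not None),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>26}: {value}")
```

Discarding leaves Eve's knowledge of each surviving bit untouched, whereas each hashed bit mixes many key bits, so a single unknown input hides the output from her in this bit-wise model.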

                                  Finite‑key‑size analysis. In the present system, the size of the raw key is limited by the size of Alice’s memory (1
                                  Mbit). According to the developers, this leads to a sifted key size of ≈ 20 kbit for a distance of 12 km. For a larger
                                  distance of 200 km, the size becomes as low as ≈ 10 kbit (Ref. 43). 10% of this sifted key is used for parameter estimation.
                                  This small sample size has a high probability to lead to discrepancies between the estimated and actual parameter
                                  values due to finite-size-effects71. Since the present security proof used by the developers does not consider the
                                  finite-key-size effects, the system might be vulnerable to them.
                                      Based on our previous analysis on a different system72, we know that the finite-size effects become significant
                                  when the sifted key size is lower than 200 kbit. At that size of the sifted key, the system—without finite-size-
                                  analysis—generated a larger secret key than the upper-bound set by the finite-key-size analysis. Thus, security
                                  of the generated key was not guaranteed. Since the sifted-key size of 20 kbit in the present system is much lower
                                  than 200 kbit, we strongly suspect that finite-size effects are significant. Thus, we advise to develop a thorough
                                  finite-key analysis. To do this, any deviation of parameters due to finite-size-effect needs to be analysed. An
                                  example of this effect is the collision probability, i.e., the probability of a hash function mapping two different
                                  input keys to the same output key. Other examples could be found in Refs. 55, 70, 73–75.

                                  Non‑quantum random number generator. In the present system, three types of RNGs can be used in an interchangeable
                                  manner. One is a pseudorandom number generation software drand48_r from Linux operating system.
                                  The second is a commercial product manufactured by the developers of this QKD system. The third one is
                                  the internal RNG of Altera Cyclone IV FPGA chip. Using a pseudorandom generator (or randomness expansion)
                                  does not satisfy the randomness assumption of the security proof. For the other two generators, care should
                                  be taken to verify the quantum origin of the random numbers and the quality of implementation.

                                  Intersymbol interference. Owing to the limited bandwidth of the driving electronics, high speed systems might
                                  exhibit intensity correlation among the neighboring pulses—an effect known as the intersymbol interference or
                                  the pattern effect76,77. The electronic signal applied to the modulator might be dependent on the preceding pulse,
                                  which violates the assumption of security proof. This may lead to vulnerability. Testing should be done in order
                                  to assess the risk of the intersymbol interference in the present system.

                                  Follow‑up stage. After the initial security evaluation report had been delivered in 2017, the follow-up
                                  process ensued. Till now, laboratory testing of the two issues controllable detectors and laser damage has been carried
                                  out. In both cases, the testing has confirmed the vulnerability’s presence and the manufacturer has designed
                                  countermeasures and implemented them in the current version of the SCW QKD system. Most other issues
                                  (Trojan-horse attack, lack of general security proof, manipulation of reference pulse, privacy amplification, finite
                                  key size effects, non-quantum RNG) have also been addressed as outlined below. Two lower-risk issues, time-shift
                                  attack and intersymbol interference, remain to be studied in the future.
                                       Controllable detectors: Both detector units mentioned in “Lack of general security proof” have been tested.
                                  It has been found that ID210 is fully controllable by bright light54, while Scontel SNSPD with a built-in electronic
                                  countermeasure (recently developed by Scontel) is partially controllable and the countermeasure in it needs to be
                                  improved59. The optical power required to control ID210 can easily be generated and transmitted through Bob’s
                                  optical scheme54, confirming our original risk assessment. Technical countermeasures against this attack are currently
                                  under consideration. We remark that this vulnerability remains unsolved in most existing QKD systems78.
                                       Laser damage attack: as suggested in “Laser damage”, we have performed laboratory testing of the VOA
                                  unit (FOD 5418). We have found it to be severely vulnerable to the LDA34. A brief application of ∼ 2.8 W c.w.
                                  laser power damages a metal film layer inside this component and reliably reduces its attenuation by ∼ 10 dB,
                                  which renders the key insecure. A countermeasure currently under consideration is to insert another component
                                  between the line and the VOA, in order to prevent the latter from being exposed to high power. Candidates for
                                  this other component are being tested63,64.
                                                Protocol-related issues: A proof of security for a general attack—the lack of which has been highlighted in
                                            “Lack of general security proof”—has been developed in Ref.52. It is summarised in “Methods”. The issues discussed
                                            in “Lack of general security proof” and “Manipulation of reference pulse” have been closed by an analysis
                                            of advanced attack and appropriate countermeasures79,80. We recap these results in “Methods”. Finally, a correct
                                            privacy amplification method (“Privacy amplification method”) and finite-key (“Finite-key-size analysis”) have
                                            been included in Ref.52. The finite-key analysis is recapped in “Methods”. Since all these issues appear to have
                                            been addressed by this recently published theoretical work, we have updated their current hardness level in
                                            Table 3 to C3.
                                                Two more issues have also been analysed and patched by the manufacturer. For the Trojan-horse attack
                                            (“Trojan-horse attack”), additional components have been added to the optical scheme in order to detect the
                                            attack (patent pending). Also, possible Eve’s information acquired by Trojan-horse attack has been quantified
                                            and considered in the security model. The non-quantum RNG (“Non-quantum random number generator”) will
                                            be replaced in the next version of the system by a quantum one developed by the ITMO team.
                                                Overall, our joint work has allowed ITMO University and Quantum Communications Ltd. to quickly patch
                                            most of the loopholes by introducing countermeasures. The implementation hardness levels have been raised
                                            from Cinit of CX and C0 at the time of the initial report to the current state Ccurr of mostly C2 or even C3. Countermeasures
                                            marked C2 may eventually become C3, after additional experimental testing and improvement. The
                                            two groups also continue to jointly verify the protocol security proof.

                                            Conclusion
                                            The lack of security certification methodology for quantum cryptography is ironic, since security is the main
                                            concern behind the shift from classical to quantum cryptography. In this work we have presented a methodology
                                            for security evaluation of a complete quantum communication system. Our methodology works in an iterative
                                            interaction between the certifiers’ evaluation stage and the manufacturer’s follow-up stage. At the evaluation
                                            stage, the complete system implementation is subdivided into seven layers, a set of layers (in our case the bottom
                                            four) are exhaustively searched for vulnerabilities, and finally each discovered imperfection is categorised
                                            based on the hardness of the realised solution and practical risk. At the follow-up stage, work is performed to
                                            eliminate these vulnerabilities.
                                                We have applied this methodology to three different QKD systems and presented here the results for the SCW
                                            QKD system from ITMO University and Quantum Communications Ltd. In this system, we have found a number
                                            of potential security issues—which we expose here without omissions—that need a careful investigation by the
                                            manufacturer. Experimental tests, countermeasure and theory development have followed. As the result, most of
                                            the issues have been addressed, increasing the hardness rating of this implementation. Projects of a very similar
                                            character are going on with the two other systems (by ID Quantique and QuantumCTek) that we earlier analysed.
                                            I.e., our protocol is applicable beyond the system detailed in this Article. We hope it will pave the way towards
                                            development of a security certification methodology for existing and future quantum communication systems.
                                                Our security certification methodology is developed with only point-to-point QKD protocols in mind and
                                            we are not sure how applicable it will be for a network scenario. We hope that making the point-to-point systems
                                            secure would eventually make the resultant network secure.
                                                One important but sometimes overlooked aspect should be emphasised. When someone is engaged in designing
                                            a system, his mindset tends to become biased, and he may not be able to think from a different point of view
                                            and see security problems with his own design. This is the very reason the task of security certification should
                                            be done in collaboration with third-party experts whose main goal is to find problems. This helps a responsible
                                            QKD manufacturer to quickly assess and resolve the security issues, as has clearly happened in the case of ITMO.
                                            Furthermore, the third-party analysis should ideally begin during initial design considerations, rather than after
                                            the commercial implementation has been completed (as has been the case here).

                                            Methods
                                             Another example of layer subdivision. To give another example, let’s consider commercial QKD system
                                             Clavis381. Its operation can be divided into our proposed layer structure as follows. When a customer receives
                                             the system, the first steps involve a manual installation procedure that is done according to the instruction from
                                             the manufacturer. For example, the user needs to connect Alice and Bob QKD stations with a fiber, setup two
                                             control PCs (running Linux OS) to install the ‘Clavis3 Cockpit’ software, configure an Ethernet network with
                                             specific IP addresses to establish communication between control PC and Alice-Bob QKD stations, and connect
                                             fibers in Bob QKD station in a specific way depending on whether internal or external single-photon detectors
                                             are used. During the course of operation, manual interventions may be needed from time to time for maintenance:
                                             for instance, if the control software hangs, a manual restart is required. All these fall under layer Q7. Next,
                                             the system should interact with some external key management system or encryption engine. These tasks are
                                             handled in layer Q6. Next, layer Q5 specifies the post-processing rules: for example, coherent-one-way (COW)
                                             QKD protocol with LDPC error correction (with a code rate 2/3) and security parameter of ε = 4 × 10⁻⁹. Next
                                             layer Q4 decides which subroutine to initiate: for instance, whether to adjust synchronization between the Alice
                                             and Bob QKD stations, optimise modulator voltages in order to maximize the interference visibility, or send
                                             qubits from Alice to Bob. The control is then transferred to layer Q3, which executes the chosen subroutines with
                                             help from Q2 and Q1. For example, when Q3 initiates the raw key exchange subroutine, the field-programmable
                                             gate array (FPGA) chip in Alice—at layer Q2—outputs a stream of 1.25 Gbps digital pulses with adjustable
                                             amplitude and width to drive an intensity modulator that prepares the quantum signals. The latter are then sent
